yersinia / selinux-testsuite


libsepol.check_assertion_helper: neverallow violated #1

Open heaventud opened 9 years ago

heaventud commented 9 years ago

I was trying to build the selinux testsuite within policy based on refpolicy-2.20120725-r7 and get the following error at 'load' stage all time: root@Crocodile:/tmp/selinux-testsuite-master# make -C policy/ load make: Entering directory /tmp/selinux-testsuite-master/policy' make[1]: Entering directory/tmp-mvtaf/selinux-testsuite-master/policy/test_policy' Compiling standard test_policy module /usr/bin/checkmodule: loading policy configuration from tmp/test_policy.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 15) to tmp/test_policy.mod Creating standard test_policy.pp policy package rm tmp/test_policy.mod tmp/test_policy.mod.fc make[1]: Leaving directory /tmp/selinux-testsuite-master/policy/test_policy' /usr/sbin/semodule -i test_policy/test_policy.pp libsepol.check_assertion_helper: neverallow violated by allow test_create_no_t sysadm_t:process { sigchld }; libsemanage.semanage_expand_sandbox: Expand module failed /usr/sbin/semodule: Failed! make: *** [load] Error 1 make: Leaving directory/tmp/selinux-testsuite-master/policy' root@Crocodile:/tmp/selinux-testsuite-master#

The file that contains the violated rule is policy/test_policy.if. P.S. I use a commercial distro. I had some issues before this one, but I fixed them by creating a small patch (in attachment).

heaventud commented 9 years ago

I couldn't add the attachment, so here is the patch for the test suite:

diff -rwbu selinux-testsuite-master.orig/policy/Makefile selinux-testsuite-master.new/policy/Makefile
--- selinux-testsuite-master.orig/policy/Makefile 2010-06-29 23:12:04.000000000 +0530
+++ selinux-testsuite-master.new/policy/Makefile 2015-01-12 20:36:05.485012165 +0530
@@ -38,7 +38,7 @@ ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE))) $(MAKE) -C redhat/$(REDHAT_VERS) load else

@@ -46,7 +46,7 @@ ifeq (redhat-release-, $(findstring redhat-release-, $(REDHAT_RELEASE))) $(MAKE) -C redhat/$(REDHAT_VERS) unload else

diff -rwbu selinux-testsuite-master.orig/policy/test_global.te selinux-testsuite-master.new/policy/test_global.te
--- selinux-testsuite-master.orig/policy/test_global.te 2010-06-29 23:12:04.000000000 +0530
+++ selinux-testsuite-master.new/policy/test_global.te 2015-01-12 20:36:05.510012036 +0530
@@ -8,6 +8,12 @@ attribute testdomain;

Authorize sysadm_r and system_r for the test domains.

+gen_require(`

diff -rwbu selinux-testsuite-master.orig/tests/ioctl/test_ioctl.c selinux-testsuite-master.new/tests/ioctl/test_ioctl.c
--- selinux-testsuite-master.orig/tests/ioctl/test_ioctl.c 2010-06-29 23:12:04.000000000 +0530
+++ selinux-testsuite-master.new/tests/ioctl/test_ioctl.c 2015-01-12 20:36:05.518012040 +0530
@@ -5,7 +5,7 @@

include <sys/types.h>

include <sys/stat.h>

include <linux/fs.h>

-#include <linux/ext2_fs.h>
+#include <ext2fs/ext2_fs.h>

include

/*
diff -rwbu selinux-testsuite-master.orig/tests/ioctl/test_noioctl.c selinux-testsuite-master.new/tests/ioctl/test_noioctl.c
--- selinux-testsuite-master.orig/tests/ioctl/test_noioctl.c 2010-06-29 23:12:04.000000000 +0530
+++ selinux-testsuite-master.new/tests/ioctl/test_noioctl.c 2015-01-12 20:36:05.540011997 +0530
@@ -8,7 +8,7 @@
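Review bot: The new `#include <ext2fs/ext2_fs.h>` in tests/ioctl/test_ioctl.c, and the identical line in tests/ioctl/test_noioctl.c, makes both tests depend on the e2fsprogs development headers instead of the kernel headers, and nothing in the patch documents or checks for that package. `<linux/fs.h>` is already included on the line above and provides the filesystem-independent `FS_IOC_GETVERSION` and `FS_IOC_GETFLAGS` requests. The ioctl calls themselves are outside the hunk, so this is an assumption to confirm: if the tests only issue those requests, dropping the ext2 include and using the `FS_IOC_*` names would avoid the extra dependency. Otherwise I would add a comment above the include such as `/* requires the e2fsprogs development headers */` so the build requirement is visible.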

include <sys/types.h>

include <sys/stat.h>

include <linux/fs.h>

-#include <linux/ext2_fs.h>
+#include <ext2fs/ext2_fs.h>

include <sys/utsname.h>

include

include

diff -rwbu selinux-testsuite-master.orig/tests/Makefile selinux-testsuite-master.new/tests/Makefile
--- selinux-testsuite-master.orig/tests/Makefile 2010-06-29 23:12:04.000000000 +0530
+++ selinux-testsuite-master.new/tests/Makefile 2015-01-12 20:36:38.390940266 +0530
@@ -21,7 +21,7 @@

test: all chcon -R -t test_file_t .